From 4f2912931e477af91c9e37b9a39b338de1273ba9 Mon Sep 17 00:00:00 2001 From: augushong Date: Thu, 19 May 2022 14:40:12 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BD=BF=E7=94=A8=E6=9B=B4=E5=AE=89=E5=85=A8?= =?UTF-8?q?=E4=B8=94=E6=9B=B4=E5=81=A5=E5=A3=AE=E7=9A=84=E6=97=A5=E5=BF=97?= =?UTF-8?q?sql=E5=86=99=E6=B3=95=EF=BC=9B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- extend/think/log/driver/DebugMysql.php | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/extend/think/log/driver/DebugMysql.php b/extend/think/log/driver/DebugMysql.php index 2a3dad6..c6d00be 100644 --- a/extend/think/log/driver/DebugMysql.php +++ b/extend/think/log/driver/DebugMysql.php @@ -128,19 +128,22 @@ class DebugMysql implements LogHandlerInterface if (!is_null($this->pdo)) { - foreach ($log_data as $key => &$value) { - $value = str_replace('\'', '\\\'', $value); + $prepare_name = []; + foreach ($log_data as $key => $value) { + $prepare_name[] = ':' . $key; } $data_keys = array_keys($log_data); $data_keys_in_sql = join(',', $data_keys); - $data_values_in_sql = join('\',\'', $log_data); + $prepare_name_in_sql = join(',', $prepare_name); - $sql = "INSERT INTO {$this->tableName} ($data_keys_in_sql) VALUES ('$data_values_in_sql');"; + $sql = "INSERT INTO {$this->tableName} ($data_keys_in_sql) VALUES ($prepare_name_in_sql);"; - $this->pdo->exec($sql); + $stmt = $this->pdo->prepare($sql); + + $stmt->execute($log_data); } else { fputcsv($this->fileRescource, $log_data);